Re: Lock down sign to one user
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 09/09/05
- Previous message: IVT: "Lock down sign to one user"
- In reply to: IVT: "Lock down sign to one user"
- Next in thread: Miha Pihler [MVP]: "Re: Lock down sign to one user"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 9 Sep 2005 10:55:09 -0500
Open Local Security Policy - secpol.msc and go to local policies/user rights
and configure the user right for allow logon locally to be what you need.
For instance you could have just administrators and the specified user
listed for that user right. After a reboot the user right "effective"
setting should be the same as the local setting unless domain level security
policy is defined for that user right. I believe that administrators for
that computer could still logon locally even if they are removed from the
user right for allow logon locally though that behavior may not be the same
for Windows 2000 and XP. Be very careful configuring deny logon locally as
administrators are members of users and everyone group and deny user right
overrides the corresponding allow user right. --- Steve
"IVT" <IVT@discussions.microsoft.com> wrote in message
news:62540D2D-68B2-4671-9091-7B902B534144@microsoft.com...
>I want to allow only a specific assigned user to login to a particular
> windows 2000 professional PC and prevent any other users from logging on
> at
> that PC.
> What is the best way to do that? I've already set it in AD so the user
> can
> only login to that PC and set logon hour restrictions but I want to
> prevent
> any other users from logging on from that specific PC.
- Previous message: IVT: "Lock down sign to one user"
- In reply to: IVT: "Lock down sign to one user"
- Next in thread: Miha Pihler [MVP]: "Re: Lock down sign to one user"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
